# controller ptcp: &
- This command causes the controller to bind to port 975 (the
+ This command causes the controller to bind to port 6633 (the
default) awaiting connections from OpenFlow switches. See
controller(8) for details.
On the machine that is to be the OpenFlow controller, start the
"controller" program listening for connections from switches on TCP
-port 975 (the default), as shown below. (Because it listens on a
+port 6633 (the default), as shown below. (Because it listens on a
low-numbered port, this command must run as root.)
# controller -v ptcp:
the IP address of the controller as the first argument to the
switch program, and the network devices to include in the switch as
arguments to the -i option. For example, if the controller is
- running on host 192.168.1.2 port 975 (the default port), and eth1
+ running on host 192.168.1.2 port 6633 (the default port), and eth1
and eth2 are to be the switch ports, the switch invocation would
look like this:
4. Run secchan to start the secure channel connecting the datapath to
a remote controller. If the controller is running on host
- 192.168.1.2 port 975 (the default port), the secchan invocation
+ 192.168.1.2 port 6633 (the default port), the secchan invocation
would look like this:
# secchan unix:/var/run/dp0.sock tcp:192.168.1.2
4. Run secchan to start the secure channel connecting the datapath to
a remote controller. If the controller is running on host
- 192.168.1.2 port 975 (the default port), the secchan invocation
+ 192.168.1.2 port 6633 (the default port), the secchan invocation
would look like this:
# secchan nl:0 tcp:192.168.1.2
OpenFlow can use it directly. Otherwise, refer to "Establishing a
Public Key Infrastructure" below.
-To configure the controller to listen for SSL connections on port 976
+To configure the controller to listen for SSL connections on port 6633
(the default), invoke it as follows:
# controller -v pssl: --private-key=PRIVKEY --certificate=CERT \
# controller -v pssl: --private-key=ctl-privkey.pem \
--certificate=ctl-cert.pem --ca-cert=pki/switchca/cacert.pem
-To configure a switch to connect to a controller running on port 976
+To configure a switch to connect to a controller running on port 6633
(the default) on host 192.168.1.2 over SSL, invoke secchan as follows:
# secchan -v DATAPATH ssl:192.168.1.2 --private-key=PRIVKEY \
.TP
\fBpssl:\fR[\fIport\fR]
Listens for SSL connections from remote OpenFlow switches on
-\fIport\fR (default: 976). The \fB--private-key\fR,
+\fIport\fR (default: 6633). The \fB--private-key\fR,
\fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when
this form is used.
.TP
\fBptcp:\fR[\fIport\fR]
Listens for TCP connections from remote OpenFlow switches on
-\fIport\fR (default: 975).
+\fIport\fR (default: 6633).
.TP
\fBpunix:\fIfile\fR
.TP
\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 976) on the given remote
+The specified SSL \fIport\fR (default: 6633) on the given remote
\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
\fB--ca-cert\fR options are mandatory when this form is used.
.TP
\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 975) on the given remote
+The specified TCP \fIport\fR (default: 6633) on the given remote
\fIhost\fR.
.TP
.B % controller nl:0
.TP
-To bind locally to port 975 (the default) and wait for incoming connections from OpenFlow switches:
+To bind locally to port 6633 (the default) and wait for incoming connections from OpenFlow switches:
.B % controller ptcp:
# This is a space-delimited list of connection methods:
#
# * "pssl:[PORT]": Listen for SSL connections on the specified PORT
-# (default: 976). The private key, certificate, and CA certificate
+# (default: 6633). The private key, certificate, and CA certificate
# must be specified below.
#
# * "pctp:[PORT]": Listen for TCP connections on the specified PORT
-# (default: 975). Not recommended for security reasons.
+# (default: 6633). Not recommended for security reasons.
#
# * "nl:DP_IDX": Listen on local datapath DP_IDX. Used only if this
# machine is also an OpenFlow switch and not running the secure
# CONTROLLER: Location of controller.
# One of the following formats:
-# tcp:HOST[:PORT] via TCP to PORT (default: 975) on HOST
-# ssl:HOST[:PORT] via SSL to PORT (default: 976) on HOST
+# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST
+# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.
#CONTROLLER="tcp:127.0.0.1"
\subsection{Switch/Controller Connection}
The switch and controller communicate through an SSL connection. The switch must be able to establish the communication at a user-configurable (but otherwise fixed) IP address, using a user-specified port. Traffic to and from the secure channel is not checked against the flow table. Therefore, the switch must identify incoming traffic as local before checking it against the flow table. Future versions of the protocol specification will describe a dynamic controller discovery protocol in which the IP address and port for communicating with the controller is determined at runtime.
\\\\
-The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 976. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate).
+The SSL connection is initiated by the switch on startup to the controllerÕs server, which is located by default on TCP port 6633. The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate).
\subsection{OpenFlow Protocol Overview}
The controller configures and manages the switch, and receives events from the switch, via the OpenFlow protocol, on the secure channel.
-\end{document}
\ No newline at end of file
+\end{document}
#define OFP_MAX_TABLE_NAME_LEN 32
#define OFP_MAX_PORT_NAME_LEN 16
-#define OFP_TCP_PORT 975
-#define OFP_SSL_PORT 976
+#define OFP_TCP_PORT 6633
+#define OFP_SSL_PORT 6633
#define OFP_ETH_ALEN 6 /* Bytes in an Ethernet address. */
.TP
\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 976) on the given remote
+The specified SSL \fIport\fR (default: 6633) on the given remote
\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
\fB--ca-cert\fR options are mandatory when this form is used.
.TP
\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 975) on the given remote
+The specified TCP \fIport\fR (default: 6633) on the given remote
\fIhost\fR.
.TP
.RS
.TP
\fBpssl:\fR[\fIport\fR]
-Listens for SSL connections on \fIport\fR (default: 976). The
+Listens for SSL connections on \fIport\fR (default: 6633). The
\fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options
are mandatory when this form is used.
.TP
\fBptcp:\fR[\fIport\fR]
-Listens for TCP connections on \fIport\fR (default: 975).
+Listens for TCP connections on \fIport\fR (default: 6633).
.TP
\fBpunix:\fIfile\fR
.TP
\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 976) on the given remote
+The specified SSL \fIport\fR (default: 6633) on the given remote
\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
\fB--ca-cert\fR options are mandatory when this form is used.
.TP
\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 975) on the given remote
+The specified TCP \fIport\fR (default: 6633) on the given remote
\fIhost\fR.
.TP
connect the controller and datapath using plain TCP. To look at the
traffic, tcpdump will be started in a manner similar to the following:
- sudo ./tcpdump -s0 -i eth0 port 975
+ sudo ./tcpdump -s0 -i eth0 port 6633
The "-s0" flag indicates that tcpdump should capture the entire packet.
If the OpenFlow message is not received in its entirety, "[|openflow]" will
.TP
\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 976) on the given remote
+The specified SSL \fIport\fR (default: 6633) on the given remote
\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
\fB--ca-cert\fR options are mandatory when this form is used.
.TP
\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 975) on the given remote
+The specified TCP \fIport\fR (default: 6633) on the given remote
\fIhost\fR.
.TP
projects / openvswitch / commitdiff